Using Your Mainframe to Win the Cybersecurity Wars

Your mainframes may be among the oldest parts of your infrastructure. But they can also help you meet the newest challenges you face in the realm of cybersecurity. Here’s how.

If you follow IT security news, you know that the scope and nature of threats have evolved significantly in just the past few years. Long gone are the days when opportunistic worms and malware were your biggest worry, and some anti-virus software sufficed to secure your systems.

Cybersecurity Threats Today

Today, you have to contend with the threat of attacks carried out by experts who target your systems in particular, rather than just looking for an easy opportunity to steal some data or compute resources.

Meanwhile, the problem of Distributed Denial of Service, or DDoS, attacks is now greater than ever due to changes like the proliferation of IoT devices that hackers can use as a foundation for launching attacks. The Dyn DNS outage that occurred last fall – which shut down dozens of major websites for hours – made that distinctly clear.

Complicating matters further is an increase in the consequences that businesses face today when they are successfully attacked. In an age when virtually all data is digital and regulatory compliance fines are steeper than ever, the cost of cyberattacks adds up to hundreds of billions of dollars per year collectively. And beyond dollars, your company also suffers a major reputation hit if it joins the ranks of businesses that suffer high-profile security breaches.

Your Mainframe’s Role in Cybersecurity

How can you keep your company off that list? There are many different steps you should take and tools you should implement, of course.

But for any business that relies on mainframes to power its operations, integrating those systems into the cybersecurity strategy is an essential part of the solution to preventing breaches.

Why? Because the data on your mainframes is the basis for detecting anomalies that, in many cases, are the first sign of an intrusion or breach.

After all, in industries like banking and aviation – where businesses work with high volumes of sensitive data and are lucrative targets for attackers – mainframes process millions of transactions per day. By establishing a baseline of normal transaction activity and searching for patterns that seem to be out of place, you can develop a proactive cybersecurity strategy that goes far beyond passively relying on firewalls or antivirus software to keep information secure.

Stopping Threats in Real Time

That’s not all. The huge volume of data processed by your mainframes can also help you to detect and stop attacks in real time. It allows banks to identify a fraudulent credit card transaction and stop it as it’s in progress, for instance.

That’s the ultimate goal, because detecting a breach and shutting it down before attackers have made off with the goods is much more effective than identifying an intrusion after the fact.
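The baseline approach described in the previous section and the in-progress check described here, as an added example that is not part of the original post: it builds per-account baselines from constructed, SMF-like transaction records and flags new records that fall outside them. The record format, field names and thresholds are assumptions for illustration.

```python
import statistics
from collections import defaultdict

# Constructed history records (not real mainframe data): one line per
# transaction in a normalised key=value form a log forwarder might emit.
HISTORY = [
    "2017-03-01T09:00:12Z acct=A100 region=US amount=120.00",
    "2017-03-01T10:14:03Z acct=A100 region=US amount=95.50",
    "2017-03-02T09:31:45Z acct=A100 region=US amount=110.25",
    "2017-03-02T15:02:10Z acct=A100 region=US amount=130.00",
    "2017-03-01T11:20:00Z acct=B200 region=DE amount=40.00",
    "2017-03-02T11:22:00Z acct=B200 region=DE amount=40.00",
    "2017-03-03T11:19:00Z acct=B200 region=DE amount=40.00",
]

def parse(line):
    """Parse one record into a dict; 'amount' becomes a float."""
    ts, *fields = line.split()
    rec = {"ts": ts}
    for f in fields:
        k, v = f.split("=", 1)
        rec[k] = float(v) if k == "amount" else v
    return rec

def build_baseline(lines):
    """Per-account baseline: mean/stdev of amounts plus the regions seen."""
    amounts, regions = defaultdict(list), defaultdict(set)
    for rec in map(parse, lines):
        amounts[rec["acct"]].append(rec["amount"])
        regions[rec["acct"]].add(rec["region"])
    base = {}
    for acct, vals in amounts.items():
        mean = statistics.mean(vals)
        # A flat history (identical amounts) has stdev 0; a floor keeps the
        # z-score finite so the first real deviation is still caught.
        sd = max(statistics.pstdev(vals), 0.05 * mean, 1.0)
        base[acct] = (mean, sd, regions[acct])
    return base

def score(line, base, z_limit=3.0):
    """Return the reasons a record looks out of place (empty list = normal)."""
    rec = parse(line)
    if rec["acct"] not in base:
        return ["account has no baseline"]
    mean, sd, regions = base[rec["acct"]]
    reasons = []
    z = (rec["amount"] - mean) / sd
    if z > z_limit:
        reasons.append(f"amount z-score {z:.1f} exceeds {z_limit}")
    if rec["region"] not in regions:
        reasons.append(f"region {rec['region']} never seen for account")
    return reasons
```

In production the baseline would be rebuilt on a rolling window and the scorer fed from the live stream, so that a flagged transaction can be held before it completes.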

Integrating Your Mainframes into Your Cybersecurity Strategy

Now that you know why your mainframes should be an important part of your cybersecurity defense plan, you should also understand what it takes to integrate them effectively.

The answer here revolves around ensuring that your mainframe data can be fed easily into the tools you use for anomaly detection and other security processes. That’s trickier than it may sound because most threat detection tools are not designed to work natively with mainframe data.

That’s why you need a data integration solution, like Ironstream for logs or “machine” data and DMX-h for application data. Ironstream, for example, streams critical mainframe SMF files and other logs seamlessly into modern analytics platforms and SIEMs (security information and event management solutions) so it can be instantly correlated with other security data. Because manually transferring mainframe data to commodity servers and analytics environments takes a long time, automated solutions are the only way to enable real-time threat detection based on mainframe data.

Remember, too, that data quality counts when it comes to security. In order to avoid false positives – or, worse, false negatives – in your anomaly detection routines, you should make sure that your data is as clean and accurate as possible. Solutions like Trillium help significantly on this front.

Security is top of mind for many corporate security officers, but it also affects many others in IT, including mainframers. Read SIEM is Here: What You Should Know, to learn what Security Information and Event Management (SIEM) is and why it’s relevant to you.